Federal IT leaders are shifting focus from trying to secure every system to prioritizing the systems that need the most security controls. “We realized that no matter how much we protected our systems, something could happen,” said Thresa Lang, deputy director of the Navy Cybersecurity Division, at CISQ’s Cyber Resilience Summit on Oct. 19. […]

Following the Cybersecurity Executive Order, security professionals are focusing on risk management frameworks, and some agencies are turning to the Continuous Diagnostics and Mitigation Program. “Security is not something that you buy, it’s something that you do,” said Matt Conner of the National Geospatial-Intelligence Agency.